CVE-2025-12233 – A buffer overflow vulnerability in Tenda CH22 r... (How to Fix)

Q: What is the severity of CVE-2025-12233?

CVE-2025-12233 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromSafeUrlFilter function. This affects Tenda CH22 routers running firmware version 1.0.0.1. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromSafeUrlFilter function. This affects Tenda CH22 routers running firmware version 1.0.0.1. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda CH22

Versions: 1.0.0.1

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Ch22 Firmware by Tenda

View all CVEs affecting Ch22 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to other systems.

🟠

Likely Case

Device takeover enabling traffic interception, DNS manipulation, credential theft, and botnet recruitment.

🟢

If Mitigated

Limited impact if device is behind strict network segmentation with no internet exposure.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on GitHub, making weaponization highly probable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Upload via router admin interface. 4. Reboot router.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Tenda CH22 routers from critical networks and internet exposure

Access Control Lists

all

Restrict access to router management interface to trusted IPs only

🧯 If You Can't Patch

Replace vulnerable routers with different models or brands
Deploy network-based intrusion prevention systems to detect and block exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface (typically at 192.168.0.1 or 192.168.1.1)

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is updated to a version later than 1.0.0.1

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SafeUrlFilter
Router reboot events
Configuration changes

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Port scanning from router IP

SIEM Query:

source="router_logs" AND (uri="/goform/SafeUrlFilter" OR event="buffer_overflow")

📊 Metadata

CVE ID: CVE-2025-12233

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.15% exploit probability (35.1th percentile)

Published: October 27, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/QIU-DIE/CVE/issues/14 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.329903 Permissions Required,VDB Entry
https://vuldb.com/?id.329903 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.673714 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product
https://github.com/QIU-DIE/CVE/issues/14 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12233, you might also want to check these: